If you are a regular follower of this blog then you will know that cyber crime is one of our hottest topics. There is literally nothing of more concern right now to business owners than the prospect of having their IT systems penetrated, their data stolen and their servers corrupted. You might on occasion be tempted to think that this is all another IT scare story designed to frighten people into spending money on cyber security consultancy and anti-virus software, just like the so-called ‘Millennium bug’ that failed to materialise on the stroke of midnight at the turn of the century.
Then you would click onto your mainstream news websites this morning and realise that this is no joke or baseless scare story. It is a real-life nightmare that is actually more frightening in reality than even your worst scary dreams imagined it might be. The news I am talking about is the story broken today by Russian cyber security firm, Kaspersky Lab, of a billion-dollar cyber fraud perpetrated on 100 financial institutions across the globe over at least a two-year period.
The cyber crime syndicate allegedly penetrated banks’ security systems through their weakest link, their staff, using phishing e-mails. The criminals were then able to trawl through data, access internal security cameras, transfer funds and even instruct ATM machines to spew out cash to order. The fraud came to light when Kaspersky Lab were called to investigate an ATM machine in Ukraine doing just that, pushing out free cash at seemingly random hours of the day and night.
You have to wonder why all of this has taken so long to emerge and perhaps even question the motives of some of the victim institutions in not disclosing this to the public before now. The banks have no incentive to go public and worry customers about the security of their money and their personal information. No business wants to admit that its security has been compromised and its data has been stolen. But you can only keep these things quiet for so long.
Every business, from global banks right down to local retail outlets, now has to have in place a business disruption plan to cope with incidents like these when they do occur and a business resilience strategy to try to prevent them in the first place. The Crises Control app allows you to set up an automatic alert to your key staff and suppliers when a trigger event such as a hostile cyber attack is identified by your server monitoring software. This allows a rapid response that might be able to minimise the damage caused by such an incursion. It also allows you to regularly test your team’s responsiveness to such attacks, which will build up your resilience and may even help to prevent such a security breach in the first place. Remember, the weakest link is always your staff not following your security protocols to the letter.